Data security

Learn more about how protecting your data is our first priority

Introduction

We understand that privacy and security are of prime importance, and we're here to let you know that we spend more time on security than just about anything else.

Protecting the data you trust to ScalePad is our first priority. We use physical, procedural, and technical safeguards to preserve the integrity and security of your information.


Data security summary

We have a progressive commitment to security excellence. Here's a summary of key points you should know:

  • Multi-factor authentication (MFAMFA - Multi-factor authentication, or MFA, is a two-step verification process used to increase security measures to your account.) is available on all accounts
    • See our Set up MFA article for instructions on how to set it up
  • We have stringent backup and business continuity processes in place
  • We adhere strictly to both procedural and technical standards for, but not limited to:
    • Credential management and credential requirements
    • Role-based privileged access control, as required for purpose
    • Firewalls and locked-down modern, internal systems

Data security standards

When you set up a connection to ScalePad, we deliberately limit the surface area of the data we access to the bare minimum required. We only use it for the purposes of providing our service to you.

We regularly back up your data to prevent data loss and aid in recovery. We implement access restrictions on all of our systems and servers to better protect your information. All access is logged (including physical access).

With regards to your sensitive payment information, we don’t store that at all. It’s handled by our upstream payment gateway—the very reputable Stripe.


Secure Amazon hosting platform

Amazon’s hosting platform is among the most secure and tested systems in history. Their entire infrastructure is PCI-DSS certified. AWS services maintain PCI-DSS Level 1, SSAE16 SOC 1, SOC 2 and SOC 3, ISO 27001, 27017 and 27018.

These above certifications cover selected AWS services, including their:

  • Security governance
  • Physical security
  • Network infrastructure
  • Change management
  • Administration practices

With these established services, ScalePad delivers a secure, robust, and reliable application you can trust.


Data storage

We host data in AWS secure SSAE 16 / SOC1 certified data centers, including third-party security researchers to ensure practices are secure.

If you're interested, SOC compliance statements are available on the AWS SOC FAQ page.


Data stored in-app

As a necessity to provide our service, the hardware asset information which ScalePad stores is as follows:

  • Asset Name
  • Organization and/or Site, Location
  • Asset type
  • Manufacturer
  • Serial number
  • User information
  • Member information per organization
  • Software (such as the OS, e.g. Windows 10)
  • Age
  • Purchase date
  • Expiry date

📘

Removing integrations will purge your data

If you choose to remove an integration from your ScalePad account, all associated data will be purged from our systems.


Credential encryption

It makes sense that you might also be curious with regards to our security standards surrounding credential encryption. We're happy to share these key points with you:

Passwords

  • Passwords are encrypted with AES-256-bit encryption
    • This includes a 2048-bit RSA public key, with secure random keys that are unique to each password
  • The RSA private keys are encrypted with a secure, random RSA key passphrase
    • These are stored in an isolated bucket, locked down to only allow access from our servers as required for decryption
  • The decryption process takes place server-side
    • The private key passphrases (and private keys themselves) are not stored in the database
    • The private keys are stored in a secured bucket that is only accessible via the servers used for decryption
  • Decrypted password data is never written to disk
  • The web servers themselves are also locked down with multiple firewalls, whitelisting incoming/outgoing traffic and key-based access.

Access to the ScalePad app

  • Access to the entire ScalePad app is limited to strong SSL encryption over HTTPS

🚧

Important

Credentials stored in ScalePad can never be recovered


👍

For more information, including GDPR considerations

If you'd like some more information, please read our Privacy Policy, as well as our Terms and Conditions.

Updated 3 months ago

Data security


Learn more about how protecting your data is our first priority

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.